195539 matches found
WordPress plugin eMagicOne Store Manager SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the id and ticketid GET parameters in the patient.php file, allowing...
WordPress plugin NextGEN Gallery 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by the reuse of the JavaScript: WebAssembly component after it was released...
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the sm-policies Endpoint called...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds read issue in the fnnlcthelperdumptable function within netfilter nfnetlink. Thi...
Code-MCP 注入漏洞
Code-MCP is an AI-integrated tool for terminal and file operations developed by Steven Yu. Code-MCP has a vulnerability that stems from the operation of the MCP Tool component in the gitoperation function located in the src/codemcp/server.py file. This vulnerability may lead to command injection...
Mikrotik RouterOS 信任管理问题漏洞
Mikrotik RouterOS is an operating system for network devices developed by the Latvian company Mikrotik. There is a vulnerability in MikroTik RouterOS’s trust management mechanism. This vulnerability stems from the shared certificate validation logic, which leads to scope confusion. As a result, a...
DOMPurify 跨站脚本漏洞
DOMPurify is a JavaScript-based tool developed by Cure53’s individual developer, designed for working with the DOM Document Object Model in HTML, MathML, and SVG. Versions 3.0.1 to 3.3.3 of DOMPurify contain cross-site scripting vulnerabilities. These vulnerabilities stem from XSS attacks that...
JetKVM 安全漏洞
JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the authenticity of downloaded firmware files. This could allow intermediate parties o...
Discourse 安全漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained security vulnerabilities. These vulnerabilities...
RethinkDB security vulnerabilities
RethinkDB is an open-source database developed by RethinkDB. RethinkDB versions 2.4.4 and earlier have a security vulnerability. This vulnerability stems from a buffer overflow in the JSON parsing component cJSON.Cc, which could allow for the execution of arbitrary code...
Ateme Flamingo XL 安全漏洞
Ateme Flamingo XL is an application from Ateme, Inc. A security vulnerability exists in Ateme Flamingo XL version 3.2.9, which stems from a restricted shell escape and could lead to the execution of arbitrary commands...
Synology DiskStation Manager和Synology Unified Controller 缓冲区错误漏洞
Synology DiskStation Manager DSM and Synology Unified Controller are both products of China-based Synology, Inc.Synology DiskStation Manager is an operating system for use on networked storage servers NAS. Synology DiskStation Manager is an operating system used on network storage servers NAS to...
WordPress plugin BMI Adult & Kid Calculator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
Vasion Print Virtual Appliance Host和Vasion Print Application 安全漏洞
Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Application is a printer management application. A security vulnerability exists in Vasion Print...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of NULL checking of string arrays in ALSA usb scarlett2, which could lead to null pointer dereferenci...
IBM TS4500 跨站脚本漏洞
The IBM TS4500 is a scalable tape library from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM TS4500 versions 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00, which stems from the presence of cross-site scripting in the web interface that could...
Moodle 授权问题漏洞
Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. An authorization issue vulnerability exists in Moodle versions 3.x through 3.11.18, which stems from a session fixation...
VMware vCenter Server 安全漏洞
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
ASUS AiCloud 安全漏洞
AiCloud is a cloud service from ASUS, designed to provide easy access to the data inside the router's back-up devices such as USBs or PCs, as well as uploading, downloading, playing music online, browsing documents online, sharing links to Facebook, and setting up Smart Sync to synchronize with t...
Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a virtual machine management software from Oracle Corporation USA. A security vulnerability exists in Oracle VM VirtualBox version 7.1.6, which originates from an elevated-privilege attacker that can be exploited via the login infrastructure and could lead to unauthorized...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the exposure of sensitive information ...
MongoDB Server 安全漏洞
MongoDB Server is the United States MongoDB company's set of open source NoSQL database . The database provides collection-oriented storage , dynamic query , data replication and automatic failover and other functions . A denial of service vulnerability exists in MongoDB Server. The vulnerability...
F5 iControl REST和F5 BIG-IP TMOS Shell 操作系统命令注入漏洞
F5 iControl REST and F5 BIG-IP TMOS Shell are both products of F5 Corporation, U.S.A. F5 iControl REST is a development framework. and F5 BIG-IP TMOS Shell is a command line. An operating system command injection vulnerability exists in F5 iControl REST and F5 BIG-IP TMOS Shell that stems from th...
AutomationDirect C-More EA9 Programming Software 缓冲区错误漏洞
AutomationDirect C-More EA9 Programming Software is a programming software from AutomationDirect, Inc. AutomationDirect C-More EA9 Programming Software suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data when parsing an EAP9 file, resulting ...
Celk Sistemas Celk Saude 安全漏洞
Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A security vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1, which originates from the presence of a hypertext markup language injection vulnerability that allows an attacker to inject...
IBM InfoSphere Information Server和IBM InfoSphere DataStage Flow Designer 安全漏洞
IBM InfoSphere Information Server and IBM InfoSphere DataStage Flow Designer are both products of International Business Machines IBM.IBM InfoSphere Information Server is a data integration platform. The platform can be used to integrate data information obtained from various sources.IBM InfoSphe...
ChargePoint Home Flex 信息泄露漏洞
ChargePoint Home Flex is a series of electric vehicle charging devices from ChargePoint USA. An information disclosure vulnerability exists in the ChargePoint Home Flex, which stems from a Bluetooth low-power information disclosure in the Wi-Fi setup logic, which could lead to a network-adjacent...
AnyDesk 安全漏洞
AnyDesk is a remote desktop connection software from AnyDesk Germany. A security vulnerability exists in AnyDesk 8.1.0 and earlier versions, which stems from the ability to inadvertently expose public IP addresses in network traffic...
WordPress plugin LiteSpeed Cache 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Apache Solr 安全漏洞
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. An authentication error vulnerability exists in Apache Solr that stems from the...
Microsoft Windows Netlogon 授权问题漏洞
Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of relationships between domain...
WordPress plugin Checkout Field Editor for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from an expired OTP code remaining available when using FreeOTP when the OTP tok...
Laravel Starter Security Vulnerability
Laravel Starter is a simple starter project based on Laravel 11.x by Nasir Khan Saikat individual developer. A security vulnerability exists in Laravel Starter version 11.8.0 and earlier versions, which stems from an incorrect manipulation of the parameter Email that results in response...
WordPress plugin Rife Free security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Monstra CMS Security Vulnerability
Monstra CMS is a lightweight PHP-based content management system CMS by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. An attacker can exploit the vulnerability to execute arbitrary code by uploading specially crafted PHP files...
编号撤回
wandb is a tool for visualizing and tracking machine learning experiments. This CVE number has been withdrawn...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a memory misreference vulnerability that is due to free usage in Visuals. An attacker can exploit this vulnerability to execute arbitrary code on a system...
Sante DICOM Viewer Pro 安全漏洞
Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter and PACS client from Santesoft Cyprus. Works with DICOM files of all models and manufacturers. A security vulnerability exists in Sante DICOM Viewer Pro, which stems from a lack of proper validation of user-supplied data...
WordPress Plugin No-Bot Registration 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress plugin Gutenberg Blocks by Kadence Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
s::can moni::tools SQL Injection Vulnerability
s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A SQL injection vulnerability exists in s::can moni::tools version 4.6.3, which originates from the ability to send a specially crafted SQL query to the serve...
Dell BIOS Security Vulnerability
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in Dell BIOS that stems from the inclusion of an incorrect null termination vulnerability...
GitLab Access Control Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an Access Control Error vulnerability that stems from the...
stereoscope path traversal vulnerability
stereoscope is a library for working with container image contents, layer file trees, and compressed file trees. A path traversal vulnerability exists in stereoscope versions prior to 0.0.1, which stems from an attempt by Stereoscope to unarchive content that will result in writing to a path...
Google Chromecast Security Breach
Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from the presence of a code executio...
Microsoft ASP.NET Core Security Vulnerability
Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. An...
WordPress Plugin Meks Audio Player Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...